Friday, 2 August 2013

Centos 6/RHEL disable SELinux

Security-Enhanced Linux  is  a robust security mechanism that is enabled by default. It improves, and as the name implies, enhances the security of the server but sometimes the need arises to disable it in order to install a new package such as cPanel, DirectAdmin, or Plesk, or to speed up the process of server management. This is not something you would normally do and in some circles it is frowned upon but occasionally you may feel it is the best solution.

The three enforcement levels for SELinux are

enforcing
permissive
disabled

Here we are going to set it to disabled in order to perform the required task.

To determine the current state of SELinux you can run

$ getenforce
Enforcing

So open up in the editor as follows

$ sudo vi /etc/sysconfig/selinux

Scroll down to find the line that reads

SELINUX=

Change the line to read

SELINUX=disabled

So the file should appear as below

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#
enforcing - SELinux security policy is enforced.
#
permissive - SELinux prints warnings instead of enforcing.
#
disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#
targeted - Targeted processes are protected,
#
mls - Multi Level Security protection.
SELINUXTYPE=targeted

That's it, now reboot the system

# reboot

SELinux is enabled during the boot process and has three running states

Enforcing - Enforces security and and access policies around files and processes

Permissive - This level allows operations that would otherwise be blocked, report messages are sent to /var/log/audit/audit.log indicating which operations would have to be blocked. In this state the mechanism that labels files and processes according to SELinux policies is still active.

Disabled - This level completely disables SELinux, permitting all operations and disabling logging and file labeling.







No comments:

Post a Comment